CyberTimes
Vulnerability Advisory

CVE-2025-14174

Google Threat Intelligence Group, iVerify, and Lookout have jointly disclosed DarkSword, a full-chain iOS exploit kit active since November 2025 that chains 6 vulnerabilities, including 3 zero-days, to completely compromise iPhones running iOS 18.4 through 18.7. It has been used by state-sponsored actors and commercial surveillance vendors across Saudi Arabia, Turkey, Malaysia, and Ukraine. Update to iOS 26.3.1 or 18.7.6 immediately.

Severity: critical
CVSS Score: 9.8 / 10
Exploitation: Actively exploited
Published: Mar 19, 2026

Affected Products

  • iPhone running iOS 18.4 through iOS 18.7 — all models capable of running these versions
  • Safari and WebKit on all affected iOS versions — the initial exploit entry point
  • JavaScriptCore — CVE-2025-31277 (patched iOS 18.6 / 26.1) and CVE-2025-43529 (patched iOS 18.7.3 / 26.2)
  • dyld dynamic linker — CVE-2026-20700 PAC bypass (patched iOS 26.3)
  • ANGLE graphics layer — CVE-2025-14174 (patched iOS 18.7.3 / 26.2)
  • iOS kernel — CVE-2025-43510 memory management (patched iOS 18.7.2 / 26.1) and CVE-2025-43520 memory corruption (patched iOS 18.7.3 / 26.2)
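
For fleet triage, the patch levels in the list above can be turned into a per-device check. The script below is an added example, not code from CyberTimes or the disclosing vendors. It assumes an inventory of device name to iOS version string (constructed here, with hypothetical names), and it assumes the recommended targets 18.7.6 and 26.3.1 carry every fix, since the list gives no 18.x fix version for CVE-2026-20700.

```python
import re

# Fix versions copied from the advisory's affected-products list.
# CVE -> {iOS major release train: first fixed version}
FIXES = {
    "CVE-2025-31277": {18: "18.6", 26: "26.1"},
    "CVE-2025-43529": {18: "18.7.3", 26: "26.2"},
    "CVE-2026-20700": {26: "26.3"},  # advisory lists no 18.x fix version
    "CVE-2025-14174": {18: "18.7.3", 26: "26.2"},
    "CVE-2025-43510": {18: "18.7.2", 26: "26.1"},
    "CVE-2025-43520": {18: "18.7.3", 26: "26.2"},
}
# Update targets the advisory recommends; assumed to carry every fix.
TARGET = {18: "18.7.6", 26: "26.3.1"}


def parse_version(text):
    """Turn '18.7.2' or '18.6 (build)' into a comparable 3-tuple."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not an iOS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def missing_fixes(ios_version):
    """List advisory CVEs unfixed on this version; None if train not covered."""
    v = parse_version(ios_version)
    train = v[0]
    if train not in TARGET:
        return None  # advisory gives no patch data for this release train
    if v >= parse_version(TARGET[train]):
        return []
    return [cve for cve, fixed in FIXES.items()
            if train not in fixed or v < parse_version(fixed[train])]


def triage(inventory):
    """Map each device to its missing fixes, most missing fixes first."""
    report = {dev: missing_fixes(ver) for dev, ver in inventory.items()}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1] or [])))


# Constructed sample inventory (hypothetical device names).
INVENTORY = {"exec-01": "18.7.6", "sales-07": "18.5", "dev-12": "26.2",
             "lab-03": "18.7.2", "old-09": "17.6"}

if __name__ == "__main__":
    for device, missing in triage(INVENTORY).items():
        status = "not covered" if missing is None else (", ".join(missing) or "ok")
        print(f"{device:9} {INVENTORY[device]:7} {status}")
```

A result of `None` means the advisory gives no patch data for that release train, so the device needs a separate assessment rather than being treated as safe.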

Full Analysis

DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.
